diff --git a/gvfs.changes b/gvfs.changes
index 426d9c6..1daee8f 100644
--- a/gvfs.changes
+++ b/gvfs.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Dec  2 16:53:11 UTC 2017 - dimstar@opensuse.org
+
+- Re-enabele caps(cap_net_bind_service=+ep)for gvfsd-nfs: the
+  permissions package was updated to reflect this change.
+- Add appropriate post/verifyscripts to set the capabilities as
+  defined in the permissions package.
+
 -------------------------------------------------------------------
 Wed Nov 22 11:01:59 UTC 2017 - dimstar@opensuse.org
 
diff --git a/gvfs.spec b/gvfs.spec
index d84a298..03c3add 100644
--- a/gvfs.spec
+++ b/gvfs.spec
@@ -207,6 +207,12 @@ find %{buildroot}%{_libdir} -type f -name '*.la' -delete -print
 %post fuse
 %tmpfiles_create %{_libexecdir}/tmpfiles.d/gvfsd-fuse-tmpfiles.conf
 
+%post backends
+%set_permissions %{_libexecdir}/%{name}/gvfsd-nfs
+
+%verifyscript backends
+%verify_permissions -e %{_libexecdir}/%{name}/gvfsd-nfs
+
 %postun
 %glib2_gio_module_postun
 
@@ -328,9 +334,8 @@ find %{buildroot}%{_libdir} -type f -name '*.la' -delete -print
 %{_libexecdir}/%{name}/gvfsd-network
 %{_datadir}/%{name}/mounts/network.mount
 %if 0%{?is_opensuse}
-# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure, not approved by sec, see boo#1065864
-# %caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
-%{_libexecdir}/%{name}/gvfsd-nfs
+# allow priv ports for mounting nfs . Otherwise the nfs-service requires insecure (boo#1065864)
+%verify(not mode caps) %caps(cap_net_bind_service=+ep) %{_libexecdir}/%{name}/gvfsd-nfs
 %{_datadir}/%{name}/mounts/nfs.mount
 %endif
 %if !0%{?is_opensuse}